Apple releases second iOS update in a month to cover security issue

News by Dan Raywood

Apple released a mobile security update this week to fix a security issue with certificate validation.

Apple released a mobile security update this week to fix a security issue with certificate validation.

According to Apple, a certificate chain validation issue existed in the handling of X.509 certificates and an attacker with a privileged network position could capture or modify data in sessions protected by SSL/TLS.

Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains in update iOS 4.3.5.

The new patch can be applied to the iPhone 3GS and iPhone 4, third generation or later iPod touches running iOS 3.1 to 4.3.4 and iPads running iOS 3.2 to 4.3.4.

Nicholas J. Percoco, senior vice president and head of Trustwave's SpiderLabs, praised Apple's security team for the ‘very rapid response to this issue', saying that this was related to his talk at the Def Con show in two weeks.

Apple previously patched a flaw with version 4.3.4 that allowed a device to be jailbroken. It released the Lion OS X last week, along with a patch to cover 57 vulnerabilities in its Safari browser.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events